Latest Adobe Vulnerabilities

Stored admin XSS via PayPal authentication certificate
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
Force high-usage of resources by generating unlimited coupons: Adobe Commerce
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
[Spain] CSRF to delete Requisition Lists at Adobe Commerce
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
[Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
Command injection in data collector backup due to insufficient patching of CVE-2023-38208
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability | CVE-2023-44324 bypass
Adobe FrameMaker Publishing Server<2022
Adobe FrameMaker Publishing Server=2022
Adobe FrameMaker Publishing Server=2022-update1
Microsoft Windows
[TianfuCup] JP2K Image Parsing Out-Of-Bounds Write
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
TALOS-2023-1906 - Adobe Acrobat Reader Font CPAL integer overflow vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
TALOS-2023-1901 - Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
[TianfuCup] out-of-bounds access vulnerability when parsing jpeg2000
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
TALOS-2023-1908 - Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
[ZS-VR-23-360] Adobe Acrobat Reader Parsing OTF font Denial-of-Service Vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
TALOS-2023-1909 - Adobe Acrobat Reader Font avar SegmentMaps out-of-bounds read vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
ZDI-CAN-22516: Adobe Acrobat Pro DC AcroForm Use-After-Free Information Disclosure Vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
ZDI-CAN-22727: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
ZDI-CAN-22822: Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
TALOS-2023-1910 - Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
TALOS-2023-1905 - Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
TALOS-2023-1890 - Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability
Adobe Acrobat DC>=15.008.20082<23.008.20533
Adobe Acrobat Reader DC>=15.008.20082<23.008.20533
Apple macOS
Microsoft Windows
Adobe Acrobat Reader>=20.001.30005<20.005.30574
and 2 more
Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability II
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability III
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint RAS File Parsing Out-Of-Bounds Read Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint ICO Parsing Access Violation Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 Buffer Overflow Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability I
Adobe Substance 3D Painter<=9.1.1
Reflected XSS in `libs/cq/gui/components/siteadmin/admin/createlanguagecopywizard/clientlibs/createlanguagecopy/js/createlanguagecopy.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in forms via advanced CSS styles configuration, triggers when a user edits the styles
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
New Edge T5 MSRC Case [DCMSFT-1081]
Microsoft Edge (Chromium-based)
Microsoft Edge<120.0.2210.133
Adobe Acrobat Edge<=120.0.2210.91
Microsoft Edge Chromium<120.0.2210.133
T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
Microsoft Edge<120.0.2210.133
Microsoft Edge (Chromium-based)
Adobe Acrobat Edge<=120.0.2210.91
Microsoft Edge Chromium<120.0.2210.133
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Stored XSS in `libs/cq/gui/components/projects/admin/translation/job/addcontent/clientlibs/js/addcontent.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Cloud XSS - /libs/wcm/core/content/sites/createsitefromstarterkitwizard.html
Adobe Experience Manager<=6.5.18
Adobe Experience Manager<2023.11.0
Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/granite/toggleable/control.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Admin Account Takeover using Stored XSS
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Stored XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/granite/collection/create.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/formfields/v2/dropdownfield (encoded HTML attributes without quotes)
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/collection/selectall/selectall.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS on `https://author-bugbounty-65-prod.adobecqms.net/` via Adaptive form fragment `title` input and triggered at Create Language Copy
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Validate Your Inputs | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/cq/workflow/admin/console/components/clientlibs/js/action/workflow.editModel.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
AMS XSS - /libs/fd/foundation/gui/content/migration/status.html
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Reflected XSS in libs/cq/gui/components/projects/admin/clientlibs/forms/js/form.response.openprompt.js
Adobe Experience Manager<=6.5.18
Adobe Experience Manager

© 2024 SecAlerts Pty Ltd.